Hacked - Will the Real Velvet Sundown Please Stand Up?
Episode Date: September 16, 2025The story of a hoax within a hoax within a hoax within an AI soft rock band. That and a bunch of other stories about technology. Learn more about your ad choices. Visit podcastchoices.com/adchoices...
Transcript
Discussion (0)
Okay. I think you're going to see where I'm going with this. But give this image a look and describe for the listeners what it is you're looking at.
I am looking at a band playing. I'm 100% sure this is AI generated. Or at least AI modified, but it looks generated.
There's clues.
Mostly the composition because actually the most, the bigger tells aren't present in this image.
Yeah, everyone's got the right amount of fingers in this one.
Right amount of strings on the guitar.
There's no soft serve swirls anywhere of things going on.
How many teeth, roughly the right amount of teeth?
Yeah, you got it.
The same bewildered look on the drummer that I would expect to see on a regular drummer.
On a regular drummer's face, for sure.
We got a keyboardist.
next to a bassist with a drummer in the distance and a guitarist.
Like a real bass too, like a kind of a Fender P bass.
Like it all looks real, like the instruments look authentic-ish.
Yeah, stuff gets a little weird at the edges of the strings.
But generally speaking, it looks kind of like a band.
Kind of like a band.
So in June 2024,
this 60s-inspired sunny rock-pop quartet that you are looking at an alleged image of,
calling themselves the Velvet Sundown, shows up on music streaming platforms.
Within like a couple of weeks, they had dropped three, call it vintage flavored albums
and amassed nearly 1.5 million monthly listeners.
Their most popular song, Dust on the Wind, legally distinct,
racked up almost two million streams.
It's this kind of like, you know, moody 60s bluesy soft rock thing.
Pretty much immediately as the band racked up all of these listens, people started going,
well, this all seems off.
Look at the photo.
Listen to it.
The band's profile reads like it was generated, in my opinion, by a chatbot.
The covers of the albums have that kind of smeary, swirly, AI quality to them.
It's hard to differentiate things when writeups are written by chatbots because all writeups are written by chatboss these days.
Yeah.
As a clue goes, it's no longer sufficient.
The promo photos also have this kind of like overly glossy quality.
There was a bunch of them featuring all four members of the band.
What are their names?
Gabe Farrow, Lenny West, Milo Raines, and Orion Rio Del Marr.
Pro tip, if you're going to make up a fake band,
They can't all have a cool name.
A band might have one Mick Jagger, but there's just got to be like a Steve in there somewhere.
You can't give them all Orion's and Milos.
You're giving it away.
You've gone too far.
You've gone too far.
People start digging into the Velvet Sundown.
Multiple Reddit posts, I was able to find flag that in some of the press photos, you do have those more telltale signs.
The missing fingers, importantly, not the same missing finger across different photos.
By this point in 2025, the idea that there is potentially AI slop on streaming services, not that weird.
The thing is interesting is that a lot of people seemed to be listening to the Velvet Sundown.
Streaming platforms users found that the group songs were suddenly populating their personalized playlists.
It's like Velvet Sundown is showing up in a lot of people's Discover Weeklys.
And the recurring complaint that people started to sort of orbit around is the idea that like,
there's just no mention here that any of this is supposed to be AI.
presenting itself as a real band.
This is where this all gets interesting to me, because an extraordinary amount of press is now
reporting on the Velvet Sundown, on this band that's presenting itself to be real, that has
this growing audience that seems like it might be totally synthetic.
They're having their breakout.
They're having their breakout.
And that press causes the breakout to accelerate because, you know, everyone's reporting
on it all of a sudden.
At which point, the hoax band Russian nesting.
doll starts to get constructed.
On June 29th, the quote Velvet Sundown responds to claims their AI by saying, no, we aren't.
And then someone else says, no, we're the real Velvet Sundown.
And yes, we are AI, and this is an art project.
And someone else goes, no, we're the Velvet Sundown.
No, we aren't.
We're AI.
And it goes around and around and around.
And the press doesn't really know which way to go with the story.
And the plays keep piling up.
So I want to start here because a bunch of people have sent this to us with a story of an AI band hoax within a hoax, within a hoax, the story of the Velvet Sundown here on Hacked.
How you doing, Scott?
I'm good.
How are you, Jordan?
I'm doing good.
I'm doing good.
I'm enjoying the dwindling summer.
I'm keeping busy.
I'm about to go back out on the road again.
On the road again.
On the road again.
Copyright strike.
Yeah, totally.
Well, apparently those aren't things.
anymore. So I think we'll be okay.
The, uh, yes, dwindling summer is here. We have, we are now in September, which where I live is
just about snow time. So the, uh, leaves are starting to begin to fall. It was beautiful on
Saturday. It was, I think close to 30 degrees, like 80 some degrees Fahrenheit. And we went to the
pool, the outdoor pool and enjoyed the last throes of, uh, of warmth and the sun.
I haven't been to an outdoor pool in a while.
The outdoor pool near our house where my partner swims just closed down.
She's very sad about it.
Tis the season.
Outdoor pools close.
Tis the season.
Outdoor pools be closing.
Scott, have you tried using an AI music generation tool like Sunio, assuming I'm pronouncing that correctly?
Yes.
I've played with a couple of them mostly for fun just to see what leveled and capacity they were at.
But yeah, I play with them.
They're pretty good.
Yeah, they're impressive.
Yeah, the thing for me, like Jordan is a music, music maker,
and I dabble in music making stuff.
And music is very sciencey.
You know, there's beat signatures and timings and, you know,
composition is very, you know, structured often.
Structure of a song is very, you know, pop songs have a,
formulaic structure.
So all things that computers can easily do.
Yeah, especially if you feed them massive swaths of reference material.
It's interesting.
And on that note, I know there's going to be a story here for years to come about just how
legal all of this actually is.
And I'm guessing the record label, not wanting to get caught in another Napster-Lymewire situation
as being very, they're employing some very good lawyers as we speak to get to the bottom of all this.
For sure.
And unless they suddenly get very cool about a whole bunch of stuff to do with IP, there's probably
going to be some big movements on that front.
There's been some, it's been an interesting conversation.
Like we've talked about it on the show before, but so much of music, you know, there can only
be so many chord progressions.
There can only be so many, you know, rhythm signatures and drum beats.
if you reuse one that was used 38 years ago in another song and all of a sudden you're getting sued for, you know, copyright violations, it's like, wow, it's like, to me, this, this space, just given the finite of artistic, like, enjoyable artistic output, like, there's only so many things that work in music. Like, you have all of these different chords. You have all of these different tones. And compositions are very similar. Like, lots of,
modern music of this type are very similar.
So yeah.
So anyway,
to me,
it's,
it's,
it's always been a fascinating industry to look at from the outside looking
in because there is such finite boundaries to like,
what is acceptable and enjoyable to most listeners is a very finite subset of what's
possible.
And it's also very formulaic.
So. Yeah.
If you want to,
to me,
there's a spectrum.
And if you want to hear about the far side of the spectrum where it's like,
you really can't own.
music compositions in the sense that it's just math. You can listen to or how to brute force
music episode. We do an interview that's totally worth checking out. On this side of it,
it's the fact that you can very much own a recording. And these models don't work unless you
feed recordings in, which is different from songwriting. No one can own a G major to a C minor change.
That'd be a weird change. But no one can own that and sing in a D over it or whatever.
Totally. But the guitar that you recorded that day, mixed with the drums,
with the vocal performance, that can be owned.
And a model trained on that is a different thing than a model that knows to go from one
court to the other.
And it's there that we're just going to be living in where the exact legal boundary is
between those things.
And as you said, as a person who really loves making music, I definitely have the response,
and this is my bias, of like, oh, yay, thank you so much for automating the menial,
trivial task of self-expression through music.
Now I can get back to doing my dishes.
Thank God.
Someone automated that for me.
I can go back to these boring things that I dislike.
Totally.
Because you've taken away the one thing I do like.
One of the things that really brings me joy, thank God.
Yeah.
Which brings us nicely, I think, to the Velvet Sundown.
So, like I said, a bunch of people sent us this.
I'm sure you saw these come in.
Like, this was a big story.
We kind of were waiting for a little bit more to happen than just there's an AI band
getting listens and a little bit more happened.
It seems worth chatting about just to kick the episode off.
So to pick up the story from the intro,
news outlets picked up the story of the Velvet Sundown in like the final week of June.
At this point, they have over half a million listeners.
It's like pleasant enough if you've listened to it.
It's quite, it sounds.
it sounds like if an algorithm stitched together soft rock cliches based on a bunch of soft rock
in a training data set.
And industry A&R veteran quoted anonymously in Rolling Stone.
Rolling Stone comes up later in the story noted that the band's buzz came from this like
murmur that they're not real, not because the music's necessarily exceptional.
So faced with these suspicions that were starting to kind of fester, the Velvet Sundowns
purported members or someone on their behalf hits back publicly. June 29th, a Twitter account
saying, like, we're the Velvet Sundown unleashes this like very angry tirade denying that they
have anything to do with artificial intelligence. Quote, absolutely crazy that so-called
journalists keep pushing the lazy, baseless theory that the Velvet Sundown is AI generated with
zero evidence. Uh, quote, this is not a joke. This is our music written in long, sweaty nights in a
cramped bungalow in California with real instruments, real minds, and real soul. To my mind,
that denouncement, to your earlier point, does sound AI generated. But that's neither here nor
there. Yeah, it's, I feel like they probably watched the Anderson Pack, Bruno Maru's
Silk Sonic success, because it kind of has the same hues and color energy. Like a lot of the
aesthetic of it. Great reference. And they kind of were like, what if we did this?
Yes.
What if we made kind of a, not surf rock, but kind of, I don't know, like a 70s-inspired acoustic
rock band that kind of has this energy.
And we've seen that a few times over the years.
Like there's been a lot of artists that have come out and replicated Dolly Part and kind
of taken energy and inspiration from them.
Trends and cycles.
Trends and cycles.
Totally.
Everything old is new again.
Not a lot of new ideas under the sun.
We're back in the 90s.
Yeah.
They went back to the 60s and 70s.
Totally.
Like many.
before them. The words we and they in all of these characterizations are doing, or use those
loosely. It's like, I don't know, like, when we say they did that, it's like, my theory is a
prompt did that. Yes, exactly. Yes. They prompted. Yes, whoever prompted this did that.
So this band looks like it's AI. No, we're not AI. That protest is, I would say, pretty easily debunked by
the evidence at hand. Like we said, a lot of this imagery feels very clearly AI generated. One Twitter
post put it well. It's like, oh, cool, you have millions and millions of downloads right now.
Make an appearance on live television. Prove it. Put out a video. Like, just show a human being in a room
and we'll all believe that you're human beings. And this becomes a remarkable story. And you probably
become wildly famous overnight going from being like, this band, AI band got a million and
half views and it turned out they were real. Like that story would have gone wide. I can't help but
think that this story, the storyline that you have in front of you that we're going to talk through
is the, it's not the act that gets you in trouble. It's the cover up. A hundred percent.
A hundred percent. And just how easy to lie in a situation like this. Had they just come out and
not said anything? Yeah. People being like, you guys are AI and just ignore the posts. Yes.
They probably would still be accruing listeners today.
I think they might.
The thing that's weird is I think they might still be.
But you're right.
Like you could let the mystery kind of live,
except maybe no, you couldn't because someone else would try and own it.
So around the same time, like a different streaming platform,
one that we don't really have much here in the English being world.
It's called Dizer.
I was not very familiar with it.
Started flagging the content.
They added like a tag to it saying,
this is AI generated content.
Some tracks on the cell may have been created using artificial intelligence.
Other platforms to date seem to have no such warnings.
That French company was able to detect it just using like a filtering system,
which means they exist.
So the question of like where did all of these streams come from?
In recent years, major streamers have all kind of opened the doors to paid placement
on like influential playlists.
Recommendation algorithms have shifted away from,
human curators to like automated selections based on audio characteristics that are analyzed out of
the audio file, which therefore can be factored for and put into an audio file by like a music
generation platform.
A smart AI.
You got it.
Those changes.
Glenn McDonald, a former Spotify data alchemist said there's fewer reasons why a fake band couldn't
be successful on these platforms.
I'm excited to hear the end of this if they'd know who made this.
but I wonder if it wasn't a data analyst for somebody like a Spotify or a title or a Dizer
who knew exactly what to make to feed the recommendation playlist,
to feed, you know, to get mass coverage.
Yeah.
It's it all has the sheen of either a data scientist or a marketer or someone who's less
maybe on the like songwriting and creative side because they probably would have written some
songs, but someone who's more on the releasing and putting stuff out there into the world
side of things who came up with a scheme.
There was an interesting point here.
It was that same McDonald guy was talking about how, like, in the past, the issue was
fraudulent listeners, like bots inflating play counts on different platforms.
We've talked about this a ton on this show.
They were a bigger problem than the idea of, like, fraudulent content.
And his line was like, now maybe it's the opposite.
Now the question is shifting towards, like, am I?
I'm listening to what created computationally, are the listeners computational?
Like, the what's real of it all is getting really, really hard to, like, separate apart.
I can't help but, like, draw back to the, like, the first major one of these was the AI
EQing and changing voices.
And it just makes me remember the Drake Weekend song that got released and, like, the
internet witch hunt to figure out who did it.
I don't know if they ever figured out who did it.
But the most of the stuff that.
I read because I went down that rabbit hole was that it was this independent artist named Jake.
Okay.
And this is by no means that they did it.
It's just one of the allegations and the person that had done the research had so much backing for it.
Sure.
And yeah.
I remember that story.
What was interesting about that is, so if you've ever used Sunio and we'll talk more
about it in a second, but they are very analogous to like a mid journey or an image generation type process.
like, yeah, you can give it a reference image, but honestly, you're probably just giving it text prompts.
And I remember that story was like a person who had very clearly made songs and was like rapping over it, like just smitten bars and then re-skinned their voice to sound like these prominent artists.
And I was like, that's such a different thing.
And you can have an opinion that it is not okay to do that with an artist's voice and intellectual property.
I'm really open to that argument.
But that's such a different thing than just like yeeding a prompt into Sunio thing.
And remember what the vocalist sounds like.
So it's consistent.
It's like that's just so different.
Totally.
And yet when that happened, it felt like, wow, fake AI music.
What have we become?
It's like, Halcyonde is like that sounds great compared to this to me.
Yeah, yeah.
Well, that like that Drake weekend song was completely original composition.
Yeah.
They wrote the music.
Yes.
They wrote the lyrics.
Yes.
They sang and wrapped the lyrics.
and then used AI to make it sound like Drake in the weekend.
Yes, it was a Drake and Weekend filter on top of an original composition
as opposed to a very allegedly, markedly not original composition.
Totally.
Or not composed by a human, and therefore probably not composed in a traditional sense.
It was weird.
Like this thing, this Velvet Sundown band is showing up in all of these places.
It's showing up on people's feeds.
It was because of the 70 sound.
I liked this one.
There was a playlist about the Vietnam War.
where it like a prominent one of like classic Vietnam era songs and it appeared on that it's like no
definitely not it was it was it was already a little bit weird at that point at which point
enter a man possibly likely named Andrew Freeland July 2nd this guy Andrew Freeland contacts a bunch of
media outlets including Rolling Stone who runs a pretty prominent story on it saying like
we're the I'm the I'm the person
that has been posting all of these comments on behalf of Velvet Sundown,
I'm like a spokesperson and kind of like adjunct member of the band,
gets on a phone interview with Rolling Stone magazine and says like,
you know what, we got to come clean.
The band is indeed using AI tools to make their music.
They were using Sunio in their songwriting process.
And he described it as kind of like an art hoaxing thing
and sort of like waxing philosophical on like have things that are fake
sometimes have more impact than things that are real.
He's presenting this whole thing as kind of like a marketing ploy,
and he's being pretty wishy-washy on, like,
how much of it's AI and the degree to which it's AI.
It's saying it's like, I've got the quotes in front of me here.
It's marketing.
It's trolling.
People didn't care about what we did before,
and now suddenly we're talking to Rolling Stone.
So it's like, is that wrong?
Yes.
I added the yes at the end.
It's not great.
Can I deviate this conversation?
And how.
How is this, like, I struggled, because I struggle with like a lot of major music already in the fact that most of it is not written by the artist.
Oh, our music, certainly.
There are songwriting camps and groups and people that make entire livings just coming up with writing the lyrics for and pitching songs to popular artists.
So if you look at the credits on any CD, most of it, most of the songs on any top 50, top 100 billboard artist, they haven't written themselves.
There will be major singer-songwriters credited on every single song.
Yeah.
They might do a tweak to the lyrics here to make it more personal to them or some small things.
They're still singing it.
They can decide whether they sing a word and they perform and perform.
They become the performer.
I see where you're going with this.
But largely, I don't want to call it a fraud because it's not a fraud, but it's like, it's not like Fleetwood Mac, you know?
Like they wrote music, sat in the studios, did drugs, came up with songs and recorded them and like made a generation of music that like people still adore to this day.
Yes.
With real instruments.
Nowadays, everything is done in a DAW.
You know, any kind of technical expertise to creating music is largely inside of.
of a computer now, less on a drum kit or with a guitar. Like, yes, there are still the ability
to integrate that stuff, but you can still use MIDI, compose it, put it through the right
plugins and VSTs. Like, we're having a whole discussion about, anyway, the soul of the creation
of the music is more about artistic expression through music, less of technical expertise that
leads to artistic expression, which is where I think it was more in the 70s.
Yeah, I follow what you're saying that it has changed.
I don't feel as though it has necessarily become, in the ways that matter to me,
less humanly authored, it's just that the structure surrounding it has changed.
Like, Fleetwood Mac is a way of presenting a group of musicians making music together.
Look, we call it a band, and they all play an instrument, and that's how it works.
There's not really under the hood, though, that much of a difference between a band with a singer and a few instrumentalists and a singer who's the front person and a community of instrumentalists and producers and creators that have come and written the stuff around them.
It's still human beings coming up with musical ideas and figuring out how to weave them together to create a song, typically in pop music around a vocalist.
it's different and it doesn't feel the same because it's like typically different musicians on each song it's definitely a lot more factory floor you're right there's like a that personal touch to all of it is is less so but it's still authored by humans in a room certainly with drugs sometimes together in those big songwriting houses like so there there is still it's still human authored even if it's authored in this very weirdly optimized way.
that it has become over the last like 20 years it feels like yeah yeah i hear your point but to like the
thing for me is like we've already made the jump from singer songwriters you know taylor swift went
from being taylor swift the country singer songwriter to taylor swift the pop star who has other people
write her music and she did so very successfully she still wins awards for writing country music
that she doesn't perform because she was a country songwriter and and and
And the jump for me is less so, where it's like if I want to find inspiration in music by having an AI come up with concepts for me, is that any worse than me asking it a question about like, hey, we want to do something in marketing.
And I have a question about campaign optimizations or I'm going to sit down and develop this software system and I want to talk about the architecture of it so that I don't miss anything.
Like, I'm engaging with an artificial intelligence to help progress my goal.
If we're already at the point where I'm a major billboard artist and I just get sit in a room with a producer and listen to 700 song pitches in an afternoon and choose the ones that I like, is that any different?
I guess your argument is that humans created those pitches where I'm saying the AI creates the pitch.
And that's the major difference.
I mean, so in that situation, you still have a human vocalist performing on top of an instrument.
Of course, yeah.
And if the instrumental was created through a generative mechanism, that's still different than a human being going
like, shit, I just don't know what chord to play next here on my guitar, which is plugged into my gnaw.
Like, to me, there's just...
But very, I would say, like, just given how theoretical music is, especially how formulaic certain
genres are, like, they know what chord they're playing next. They know what transitions hit the
audience marks for, like, I'm talking about a very specific set of formulaic music, like in true
artistic expression for sure, but like you don't hear a lot of that. You have to go find that
music. That music's not pushed out to you on a on a now trending list on a music platform.
I'm very, I'm aware of how people seem to react when they find out that a thing wasn't played
by a human being, which is this feeling of like, I came to this to see you sweat.
Like I came to this, you put your shit down.
Yeah.
But it's not even their shit most of the time.
It's somebody else's.
But it's still someone's.
So there's a spread here, right?
Some people would be totally, some people probably are listening to Velvis something
going, I just love the songs and don't really give a shit.
A lot of people didn't.
But the question.
of like
is this a real band or a totally
synthesized band or something in the
in the middle
starts to really veer towards like
no this is this is totally synthetic
and the story in his telling Andrews
is that Velvet Sundown is like a prank
to prove a point
he'd like they'd feigned
outrage at the AI accusations
which earned this extra wave of like
publicity backlash
and the strategy seemed like it worked
the band streaming listenership like triples.
It goes from like 300,000 monthly listeners to over 900,000 monthly listeners in like a matter of days as part of this giant press cycle.
And during that interview, Freeland, talks more about how the band was made, which I want to bring up here because of what we're talking about here.
At first, he hedges, saying AI was only used for brainstorming musical ideas to your point.
As the discussion goes on, is on the same call.
He concedes that nearly no entire songs were generated.
using Sunio, though he wouldn't say which ones.
And specifically, so if you look at how Sunio works, he confirmed that they were using this thing
called the persona features, which is like you can synthesize a consistent lead vocal across
a bunch of different tracks so that this thing that's presenting itself is a real band,
sweating in a bungalow in California, sounded consistent across all of these tracks.
This is like a kind of an AI voice cloning feature inside of the product.
like Timbaland use it on his artistic process, Tata, which is like an AI generated thing that is like publicly invisibly and kind of celebrating itself as being AI, which I find much more interesting.
So it seemed like Velvet Sundowns creators had the AI write and sing pretty much all of the material.
There was maybe a little bit of human direction.
Freeling then gets asked what I think is maybe one of the most important questions about whether they're juicing their streams via like play.
list manipulation and bots.
And he just said, like, he kind of hedges and goes, like, I know we got on some
playlist that have a ton of followers and it seemed to have spiraled from there, still unclear.
So now everyone goes, okay, the big reveal.
Velvet's Sendown is a AI band after all.
It's confirmed by an insider.
We are importantly not at hoax within a hoax yet.
Freeland's admission comes out, makes a bunch of headlines, and then confusion sets in over
who Freeland actually is and whether he's telling the truth.
truth because then on July 3rd, days after his official Rolling Stone interview, the band's official
Spotify-linked social accounts put out an urgent claimer saying that the individual calling himself
Andrew Freeland is not associated with the band. Rolling Stone quickly publishes an update saying
that Freeland, the professed representative of the allegedly AI hoax band seems to be a hoax himself.
The band says we have no affiliation.
We have a hoax.
Inside of a hoax.
Everyone's scratching their heads.
Half of people are saying this is very clearly all AI.
Other people now are starting to swing in the other direction saying, no, it's not.
That guy was a liar.
BBC summed it up pretty well.
Rolling Stone reported the band, was aI created, quote,
only for the magazine to report shortly afterwards that the spokesman himself was a hoax.
Freeland kind of admits that.
claims the stunt was a deliberate plot to hoax the media about the hoax.
How many hoaxes can you do in this?
Just layers of hoaxes.
In a very long medium blog post on July 3rd, published hours after the official banned socials
denounced him, Freeland came clean, kind of describing himself as a professional in online
safety and self-professed expert in red teaming tech platforms and counter-disinformation
tactics.
When he saw the story kind of blowing up, he thought,
Oh, they don't seem to have a huge social presence yet in spite of all these views.
So he rebranded some old unused Twitter handles that were the right age to Velvet Sundown,
squatting on the band's identity, used generative AI to like re-skin all of it to look real.
And then goes on a publicity tour.
Reporters start reaching out to the accounts.
He's ready, sets up dummy emails as like the band's PR person and goes and does all these interviews.
notably when speaking to Rolling Stone,
Freeland says the journalist never questioned the authenticity of his account
or the existence of two separate Velvet Sundown profiles on X.
People were just really anxious and eager to find out what this was
and who was behind it,
and he sort of just presented himself as a perfect avatar for this.
Still, I have to say allegedly, AI-generated band.
I'm looking at Andrew Freeland's medium,
where he, there's only three posts, but it goes,
I'm the guy running the fake Velvet Sundown Twitter.
So yeah, I did make Velvet Sundown.
And so, yeah, I'm also Margot Blanchard,
the fake journalist that's been reporting on it as well.
I'm not convinced Andrew Freeland exists.
No, I know, definitely not.
I can tell by looking at his little medium photo that he's also.
This is an AI photo as well.
That's where the next hoax with it,
I can stop being dramatic about it.
I think then the fourth layer maybe is that I don't think
Andrew Freeland exists.
He is probably sitting in a studio with his buddies making actual music, drinking, and doing
drugs and laughing about all of this.
I would love that.
If it's a real musician and not like just an internet person, I think that would be great.
So July 5th, Velvet Sundown's official Spotify bio is updated with like a flat-out acknowledgement.
And this is at least a step in a good direction.
The Velvet Sundown is a synthetic music project guided by human creative direction and composed voice.
and visualized with the support of artificial intelligence.
I think support is still, if I had to guess,
gut instinct, a disingenuous word.
But it is at least acknowledging it is synthetically created.
And then the quote, this isn't a trick.
It's a mirror.
An ongoing artistic provocation designed to challenge the boundaries of authorship,
identity, and the future of music itself in the age of AI.
Man.
I added the man.
Again, it's hard not to add stuff to this.
As of right now, the creators are still kind of, I think, to the best of my knowledge, anonymous,
a third Velvet Sundown album, Paper Sun Rebellion dropped on July 14th.
To my mind, very, it's like you don't write and record songs that quickly.
And the band's popularity has grown.
They've got over a million months of listeners on Spotify by the point that that album dropped.
The day after he did this kind of dramatic, I did this post, Freeland,
or someone using that name that may or may not be his,
posted another update saying he'd been hacked.
He is now at this point somehow a less reliable narrator than the made-up AI band
at the heart of a hoax within a hoax within an Andrew Freeland within a Velvet Sundown.
Listen, you've got to respect the troll.
It's quite the troll.
It's quite the troll.
The thing that I don't understand is Timbaland has launched stage zero, this whole AI entertainment company, which is, again, as you said, fascinating and totally something we should talk about.
For sure.
Why has he not signed Velvet Sundown?
Like, they come with a massive amount of press.
They have publicity, a massive user base.
Like if you were in A&R, an AIA and R, like, is there a bigger AI band right now?
I think I actually have a really good answer to this, which is in a money grubbing context, going to an A&R,
AI band created by someone would mean having to split the profits with them.
When that person has inadvertently approved that it is so trivially easy to create this content
and game these systems to get to that level of success, that why would you ever share the
profit?
Why not just spam, like throw AI slop spaghetti at the wall until you get a hit of your own?
Maybe you can get Rolling Stone to cover it.
Like, that's how I would be approaching it.
I haven't listened to any of Tata's music.
But she, just from like straight impression, I get the feeling like, do you know who Rose is?
She's in Korean, New Zealand, Taylor Swift would be the like the analogy that I would draw.
Like I listen, like, I've heard, I think it's Rose, Rose.
I can't remember her exactly.
But when I hear her music, I just assume I'm listening to Taylor Swift.
because all of the mannerisms and the little like, you know, accents and stuff that Taylor Swift does to, like, move the music along.
And, like, her song structures, Rose has nailed.
Interesting.
But Rose is a real person.
And if you had played the music for me and told me that this was a clone of Taylor Swift's music, I would be like, yes, it is.
This is an AI clone of Taylor Swift music.
Which is funny because it feels like a thing that could only happen.
the age of AI cloning except for the fact that it is the oldest story in music. Someone does
something original. And then to your point, an industry like engine, steam engine boots up to just be
like, how do we make another one? And it's like by getting them to make more because it's them and it's
like, no, it's not what I'm talking about. Like how do I get one? And suddenly a bunch of people have
to go do an impersonation of someone and it becomes a style and a trope. And then someone else rejects
that and does something new and the whole thing starts over and over again.
Keeps going. Yeah. Exactly. Yeah, I wanted to talk about that the second I saw the story back
in July, but there just wasn't quite that extra twist of us having anything to, you know, to say about
who's behind it. And then within like two weeks, there was way too much to say about who is behind it.
And yet somehow no thing. And none of it was real. Exactly. It's a nightmare. It's just like,
and the great group of vacation has begun.
Here is, I want to close this segment by reading a quote from Timbaland about his new AI
Entertainment Company Stage Zero from Billboard.
We should end every episode with the quote from Timbaland.
Well, we're still going to chat, I think, after the break.
Oh, yeah, no, we're not done yet.
But I'm not just producing tracks anymore.
I'm producing systems, stories, and stars from scratch.
Tata is not an avatar.
She's not a character.
She's a living, learning, autonomous music artist built with AI.
Tata is the start of something bigger.
She's the first artist of a new generation.
A-pop, not K-pop, A-pop, A-I-pop, is the next cultural evolution, and Tata is its first icon.
Timbaland.
Timbaland.
Grammy award-winning, mega-producer.
I'm looking at other quotes from Timbaland.
fear you have about where AI is going, Timbaland has just stepped up, driven them down your throat.
Timbaland riding in the tip of the spear of the four horsemen of the AI apocalypse.
He's like, I can write good music, but the annoying thing has always been working with artists.
So I'm just going to replace them with AIs that do what I tell them.
I have to see Justin Timberlank in the studio one more time.
Exactly.
Another quote from Timbaland, you don't question where music comes from because it all comes
from God.
Strong.
Power quote.
It's a power quote.
And I wonder how to reconcile that with the quote you just said.
And maybe we go to ads.
Do do, do, do, do, do.
Think about the last time you heard a breach story on this show.
It always starts the same way.
Someone somewhere saw something too late.
An alert buried, a signal missed, an SOC that just couldn't keep up.
Arctic Wolf set out to solve that problem by rebuilding security operations from the
ground up for a world where attackers are already using AI. They created the Aurora superintelligence
platform with fully agentic system powered by the swarm of experts. Instead of single-purpose bots or
lucky-guess LLMs, this swarm is full of deterministic agents that handle whole entire workflows.
Humans stay in the loop and on the loop to validate the critical decisions and keep everything
trustworthy. And all of this is just off running on their secure operations graph. A constantly
updating intelligence engine fueled by more than nine trillion to last.
elementary events every week and over a decade of real-world incident response.
The system reasons on real signals and real context not synthetic training data.
And the result is the new Aurora Agent SOC.
It's the first SOC that is agent led by design.
You get agents that coordinate, agents that investigate, agents that respond at machine speed,
and hundreds more that automate the repetitive work that normally buries human analysts.
Arctic Wolf didn't try and bolt AI onto an old model.
They rebuilt the model entirely.
What makes it even more effective is how it works with Arctic Wolf's concierge experience.
The team brings customer-specific context directly into the platform so every AI-driven
decision reflects your environment instead of generic assumptions.
The automation frees your concierge security team to focus on higher value strategy and
proactive risk reductions while the agents handle the grind.
If you want to see what trustworthy, production-ready AI and security operations actually looks like,
go to Arcticwolf.com slash hacked.
Ever feel like cyber threats are evolving faster than anyone can keep up?
Last year, 2025 was nothing short of a record-breaking year for major breaches,
from sophisticated ransomware operators to AI-enabled attacks that turned defenses on their head.
Organizations around the world saw headlines they never expected
and cybersecurity teams were tested like never before.
But here's the thing.
These incidents aren't just news headlines.
They're learning opportunities.
And that's why Arctic Wolf is hosting a live webinar on February 5th,
diving into the most impactful breaches of 2025.
Their field CTO and security leaders are going to unpack not just what happened,
but why these attacks succeeded.
And most importantly, what businesses can do to fortify their defenses for it's too late.
You're going to walk away with real insights in how threat actors are evolving,
how defenders are responding, and what strategies can help you stay ahead of the next big breach.
It's not fearmongering.
It's practical, actionable, intelligence from experts in the trenches.
Register now at arcticwolf.com slash hackt.
And we're back.
And we're back.
And we're back.
And we ended before the break talking about Timbaland.
Long may he rain.
Truly one of our generation's greatest pot makers.
Like all the goofing aside, if you've ever seen video of the man in a studio, he is quite remarkable.
He is.
Anyway, what were we saying?
We have to talk about other random things now.
Yes, we do.
We do.
How's your crypto investment going, Scott?
Oh, yeah.
Take the knife in.
Let me check.
I think last I looked, I was down 41%.
But you know, you know how these things can.
Highs and lows.
It's red, so I should probably buy more.
Isn't that the rule?
Yeah, totally.
Throw good money after bad.
That's what they say.
Anyway, we don't got to do.
well on that. What should we talk about here?
Well, I've got something that's available in
Canada. I don't know if you've seen this.
Okay.
The AI friend necklace is now
launched in Canada and you can buy it, Jordan.
I can buy you
a AI
chip that you wear on a necklace around
your neck that listens to everything going on
and makes snarky comments about
people and things
that are happening around you.
I would normally
so we don't normally
talk about multiple stories in the same kind of wheelhouse, which would mean that I would normally
have a lot more like exploratory questions and interest. And no, this can go straight to hell.
What? I'm wearing it. What am I doing? I don't like this. It's essentially the new generation of
AI wearables. And this is essentially a friend. So it's literally a voice chat bot that you wear on
your neck that listens to what's going on and converses with you as you wander through the world every day.
So it's a microphone on a necklace?
Yeah, with a chatbot integration.
Right.
But my phone has a microphone and chatbot integration.
Yeah, but it's in your pocket.
Yeah, but shut up.
There's no way this thing has any actual internet connectivity,
so you probably still need your phone to utilize it.
Yeah, that's kind of where I was going with it a little bit.
But the biggest thing that I'm interested in is the rumors about what Open AI is building.
are very similar to this.
So I'm intrigued to see that the negative response for this,
if that will adjust Open AI's direction.
So for anyone that doesn't know, Open AI spent a small nation's GDP acquiring
a Johnny I of the industrial designer behind most of Apple's great products,
his company, essentially, brought them in to be designing hardware for OpenAI.
there's been rumors that they're like, well, it's not a wearable as something else.
But it's not a phone.
It's like a third device that you would carry with your laptop and your phone.
It's this thing, but it's not a wearable because we know you hate those because the rabbit R1 sucked.
Personal opinion.
The AI pin was not successful at all.
A lot of these companies are falling apart.
There's this weird thing of like, it seems like you would have to be talking about a wearable,
but people don't seem to like these AI wearable.
So what is it you spent six billion?
on.
That's to catch people up.
Yes.
All the speculative rumors is that I've seen or that they are essentially making an iPod
nano or whatever the tiny little iPod.
The iPod shuffle.
Yeah.
Cool iPod.
That you wear on your like around a necklace, which is very similar to what this, this is.
Yes.
That is again, like for all practical purposes, we've talked about this on the show before,
but like that's a microphone accessory for.
a phone. Like it might be able to do some of the processing locally on it, but if it doesn't have
a screen, you're going to have to go over to your phone. My theory being that what this effectively
is is going to be a, I'm guessing, and I don't want to sound overly pessimistic, but like a
trivially useful hardware thing that is used as a gatekeeping thing for a software feature.
They're going to roll out some crazy agentic shit and the little piece of hardware is going
to be the thing you have to buy along with a subscription in order to get access to it.
That's my gut of where this is going.
It's more of a software thing with like a little hardware appendage that, you know,
has some sensors in it.
A little creepy, always on microphone that's listening and digesting every piece of
intellectual property that comes out of your mouth or anybody else's mouth around them.
Yeah.
No, it's your friend.
I suspect this.
It's your friend, Scott.
The hardware component of friend.
connects to an iPhone via Bluetooth continually listening.
I'm just reading marketing copyright.
Listening to all interactions around the wear.
Pressing a button on the necklace allows the user to speak to Friend with a message
sent to the iPhone in response.
Friend is also able to send messages without a conversational prompt responding to what the
wear is doing, which if I'm understanding correctly, just means it sort of by definition
has to be listening all the time, which is a choice.
I think it's becoming, this is.
To me, this is becoming like a demarcation point as to whether society rejects this or accepts it.
100%.
Because there's a few of these products now that are like complete privacy violators that are just like I'm always listening to everything that's going on around you.
And I am consuming the intellectual property and sending it back to the server farm in China.
And are you cool with it?
And I feel like society is now in this point of being like, are we cool with this?
I don't know if we're cool with this.
And Open AI dispense $6 billion to try and like push the coolness of this.
And I don't think society's going to love it.
There's rumors that the new AirPods, aside from being able to like, like obviously the new beats pros have the heart rate detector in the earpiece.
There's rumors that they will have always on microphones that will have similar functionality.
Rumors.
Speculation.
And Apple has historically been pretty good at compartmentalizing what they run locally on a device.
We know these models that are leaner and can run locally.
I could see them trying to differentiate themselves from the pixels of the world by saying we do all of that locally.
So yes, it's always listening.
It has the convenience of AI with none of the privacy violations of AI or something their Apple-e version of that marketing copy.
Totally.
Apple has always been very good about privacy and confidentiality.
They've gone to task with the governments and stuff like that over keeping private information private.
it. Yes. So I can, they would be my trusted play in this. If I had to make a bet on somebody
making something that people would actually adopt and use, it would probably be them. Because
they also have more money than a lot of the country's GDPs. So they don't need to particularly
try and get rich. They are already rich. Yeah. And there's, they have a lot to lose as well.
That's true. Their privacy, like there's,
billboards on the side of highways
using the word privacy.
And it's like you can really
you could really do some damage
if you roll one of these things out in a bad way.
And I think that they probably feel a little bit
like gun shy after the Apple intelligence rollout.
So I would imagine that they're going to be very careful.
There was people talking about the meta raybans.
It's like, does this device pass or fail the meta rayband test?
Which is after you take your finger off the talk to it button,
can you keep talking to it and it will answer you by and so the thing people do is like can you still
hear me and does the device after it by how it's presented is working should no longer be listening
going and it was someone going no i'm not listening anymore it's like cool love that love that
like it knows it's not supposed to so that's i think that's going to be like we're we're all
going to it's like i'm i love my air pods uh they're they're a great product and the idea of
Heart rate monitors is cool, and the idea of Siri not being useless is great.
But how you roll that stuff out is like people are going to stress test the living hell out of that.
Yeah.
The Google, the Google XR glasses, like the next generation of Google, like way past metarayband functionality.
Totally.
I'm, I'm so intrigued by them.
It's cool tech.
Yeah, it's cool.
All of the like wavelength displays and like pass through stuff.
I'm like, as a nerd, totally cool stuff.
I'm going to have a hard time not pre-order.
ordering a pair of those.
Sure.
And then I'm going to have a long philosophical conversation over a glass of
cognac with myself about whether I'm with my friend,
about whether I'm okay with it.
And also in what regard, like I, this, yeah, it's going to be very fascinating.
And Google's another one of those companies.
They've, you know, when it comes to these things like friend is a smaller startup.
Yes.
It's like the Googles, the apples, the Microsofts, the me.
I think are going to have totally different bumper rails on their stuff.
And I think that's going to be fascinating to watch the moral development of society around
are we cool with this and how it works.
It's tough because this is kind of an aside from like the ethics of all of this.
But like just as a person, I love the idea of small hardware startups.
This is an in the weeds thing.
Totally.
But like when Rabbit started, I was like, that's awesome that you're doing.
this rats.
And all of the AI hardware era has just been that over and over again, where I'm like,
I love the idea of the non-incumbent coming in and being like supply chains have gotten
cheaper, the ability to create something from scratch has gotten cheaper.
Let's make some crazy crap.
Let's throw something at the wall and see if it sticks with hardware in the way that people
have been doing it with software for years.
I just want someone to have an idea that's different.
then what if we took the sensors that are already in your phone and put them in a different little box
and have those sensors talk to the chat bot?
Like, I just want a different idea than that.
I got one for you.
You ready?
Lay it on me.
We're going to tie this whole episode together with this idea.
Okay.
Let's make a jukebox that takes prompts rather than, like, song requests.
Thanks.
I hate it.
it's directly jacked into Sunio.
Yeah, yeah, yeah, yeah.
You set up like a full old school looking jukebox
and maybe there's an audio interface
or maybe there's a keyboard on it.
You just type a prompt into it
and it'll generate and play the song in the bar.
That's, you would,
you'd make a lot of money for like a long weekend.
I think a lot of people would come in to try that once
and then never come back.
But it's, for a minute, you would have a thing there.
And then people would go like, oh, no, I want to listen to good music.
And then they would go to a different bar where someone's playing.
The funny thing is that it would take, like, you could do this in a hackathon.
It's like a Raspberry Pi.
Yeah.
With like a network connection and then a set of speakers.
It would be so easy to make.
And it would be the thing that I would get a wired article for.
Like I could already see it.
Yeah.
We're talking about this friend thing.
And it's like a little bit jibibit thing with the microphone in it that like, like,
Yes, you would 100% get a bunch of press coverage.
Random media coverage.
Yes.
We would talk about it probably.
Probably.
Should we do it?
Should we do this?
I'm good.
Do we have a hackathon?
I like the idea of a hackathon.
I mean, we've talked about this before.
Like I want to do our great hackathon at some point.
I want to do a great game jam.
I want to do a great hackathon.
Like we're scheming.
But yeah, it's interesting.
It's just funny to think that every, it's like I was at a bar.
the other day that it had kind of like a hi-fi bent to it. It was like a bar and restaurant,
but they had like someone who'd really put the time into like the acoustic treatment
and speaker arrangements so that it hit every table right. It was like that was kind of the
thing. I dig it about it. And the idea of going into a bar and it's just like a bunch of like
little apple home pods streaming like that hissy sunio generated music. It's just like the
antithesis of that is very, very funny to me. Going to like jazz bars and
Japan so much fun.
Like beautifully done.
It's a cool concept for a bar because like the acoustics of an environment and a restaurant.
You go to a restaurant that doesn't have acoustic treatment and you're like, why does it sound and feel bad in here?
And to go and be like, that means there's a spectrum.
Let's go to the far other sound of it and just make like the air feel right for music.
That's cool.
It's nerdy and it's in the weeds and it's not for everyone, but I appreciate it.
I am such a, I won't go back to really good restaurants that have bad acoustic treatments.
Like, I'm so sensitive to it.
It drives me up the wall.
There's a really nice restaurant in Evanton owned by a friend of mine.
Makes gray food.
I've been twice.
And every time I go, I have a terrible experience because it's like 96 decibels of average sound the whole time you're in there.
And it just gives you, like, this anxiety feeling.
Sure.
And I'm just like I just don't like it.
I have an idea for your idea that I don't think I like.
That I like this is my denim to it.
You could do the jukebox.
Okay.
But you could also game a fine.
it. So on each table, it's almost like, you know how you can have like a jenga thing.
You could have artists, like little blocks or something that have artist names and genres.
Like amoeboes? Yeah, little amoevos. And everyone can like stack and be like, I want to do
rag time sung by Charlie X, X, and start creating that weird mix and match thing.
And then you play that over it. So it's almost.
like the music is intentionally chaotic and kind of cringe.
Do you remember?
That could be something.
Do you remember going to iPod battles?
Oh my God.
Do you remember these?
I kind of know what you're talking about.
This would have been on the edge for me.
Like hip little bars and stuff.
You used to always have like iPod battles.
And it would be like two trendy businesses would go in.
And they essentially got the ox and they would just play sets.
And then they would compete.
And then people would choose a winner.
You could gamify the same thing.
Like you go to a bar and every table gets the ability to create one song and then
they gets played.
And then somebody at the end of the night gets voted.
A leaderboard goes up.
Yeah, sure.
It's very funny to think of like the bar that's main line item is not food or drink or staff
or ambience or furniture or any of that stuff.
It's just like API tokens.
Just like we boil an ocean for a night of the weirdest music you've ever.
ever heard. It's, someone will do it. There's a pop-up working on it right now. Okay. I'm going to
transition us. Take us away. Because I feel like we've talked about this enough. But if you do
make an AI powered jukebox, I expect full credits. You will not get it. Andrew Freeland will
offer you nothing, Scott. The, uh, um, in the exact same vein, there is a malware group that has
stolen a bunch of art and as part of the ransom, they are threatening to feed it to all of
the major AIs as learning data if they don't pay the ransom.
Oh, wow.
When you can have stolen art, what do you mean?
They've stolen digital art from like, they targeted a group called artists and clients,
the big website that connects artists and clients.
They hit it with a ransomware attack.
404 media, friends of the pod reported this and they have stolen all of the digital artwork
from this site and as part of the ransom demand, they're threatening to expose it and feed it into
the learning data sets for large language models.
Oh, wow.
So that is now like a new threat to the artistic community to be like, pay your ransom
or else we're going to essentially give your art style to the AIs.
Yeah, I mean, it's kind of a limp threat at a certain point.
It's like, oh, they're going to scrape it anyway.
You found it.
Like, they're going to get it eventually.
Interesting.
Huh.
Just full circle this episode.
We talked about as like media creation and AI.
Yeah, I mean, maybe it's just a theme episode.
The other one was the, okay, well, actually the one other story I want to talk about does have an a, okay, this is retroactively a theme episode.
Sheen.
Are you familiar with the fast fashion brand Sheen?
Oh, yes, yes.
Yeah, I was like you've, S-H-E-I-N.
Yeah.
Isn't it Sh-N?
Probably.
Or is a sheen?
I think it's Shen.
Shen?
I don't know.
That brand.
That brand.
Did you hear about the AI-generated model?
No.
They used the AI-generated model to, like, sell a shirt, and it seemingly inadvertently used United Healthcare CEO murder suspect, Luigi Mangione.
It got stepped back from the life when I said.
Oh my God.
Yeah.
So, you know, kind of just leave that one there.
Just, just, you know, a comedy of hairs with AI in this one.
They took down the listing.
I mean, it's technically just his likeness, but that's a photo of Luigi
Mangione and a shirt with a little floral print on it.
I'm looking at it right now.
And that is shocking.
Yeah.
I mean, don't, don't do that.
And I'm so curious what the prompt was.
But a quote, we have stringent standards for all listings on our platform.
We are conducting a thorough investigation, strengthening our monitoring process,
and we'll take appropriate action against the vendor in line with our policies.
So they're saying that an external party created the image.
I would say it was probably just a straight-up accident.
Like, I don't think they fed it a photo of them.
We're like somebody that looks like this.
Maybe they did.
Maybe they did.
But I doubt it.
And I bet.
Cross chatter of like handsome men.
and then a lot of comments of people saying, like, I find him handsome.
And then it just, like, got in the soup.
Or someone was just, just did a funny.
Either that or like, the diffusion had learned from public photos.
And because they were in the press so much, a licensed photo set of, like, we work in marketing.
So it's like, I could see how you can get to this photo.
You're like, I need a racially ambiguous person with curly hair and, like,
You know what I'm saying?
Like, it's kind of, like, I can see how they got a prompt to this photo.
And then it probably went digging through its learning set and found a photo of him and was like, oh, this looks right.
Yeah, a lot of people sure seem to be sharing a photo of this young man.
He must be a good.
Totally.
Could be.
Or someone just asked it to put Luigi Mangione in that shirt.
And it got through.
Hey, maybe there's no bad PR, right?
this might be that
well now
now that we're stuck in a thematic episode
as you've retroactively made this thematic
Yes
I don't really
The next thing I was going to talk about
is on this theme
So I'm just going to leave it alone
But hackers
Have been sneaking malware
Into SVG images
Bypassing antiviruses
Because SVG images
Which there are boatloads on
On the internet these days
are essentially just XML files.
For anyone that doesn't know what is an SVG file, like what is it normal?
Sure.
So a scalable vector graphic is an SVG file.
It's essentially a non-raster vector image that can scale and resize dynamically
because it's actually coded into XML the colors and shapes and dimensions that you look at.
So instead of seeing like a JPEG as a rasterized image,
It's bit pixels.
Every pixel is like a value for the color, et cetera.
SVG is more of like a dynamically generated one based on an instruction set that comes into this XML.
Yeah, it's an image executed via math instructions as opposed to pixel values.
Thank you.
Yeah.
Very, very helpful, very functional on today's Internet, especially when we're scaling between tiny cell phones and massive ultra-wide monitors.
Vertical and wide.
Yeah, yeah.
Useful.
But because they are just JavaScript, or sorry, just XML, they can embed things in them including JavaScript.
So anyway, there's a group out there that have been stringing stuff up into SVGs that is bad for you.
Huh.
Okay.
So I wonder what the takeaway there is, don't open SVGs?
No, no, no.
I think they're so prevalent that I don't think you can't not.
I think it's more specific around.
It's just that it's happening.
I don't think there's probably really any hard takeaway.
You've done with it, huh?
Yeah.
I'm sure the Microsofts and the Apple OSes of the world will begin filtering them for malicious tags and stuff like that.
So if it hasn't already been done.
Totally.
I could see browsers being on that extremely quickly.
It seems like the ideal delivery vehicle.
Totally.
The last one that I had here, and it is sort of still on theme was the story of prompt lock.
So prom block, this team of six professors and researchers at NYU's Tandon School of Engineering put out this thing called like called Prom Block.
It's a proof of concept experiment built to like test ideas in a very controlled lab setting.
They uploaded the program to a thing called Virus Total, which is this Google owned like malware database without explaining its academic origins, which caused a security company called ESET to flag it as like an active threat and issue of warning.
So we got this big cycle about what is this.
where did it come from and then everyone figured out it was a research project.
The thing that was interesting about it is that they called an orchestrator program.
So traditional malware, it's like the attacker writes,
it very carefully crafts it to execute a very specific piece of malicious code.
This being designed as an orchestrator,
the program doesn't contain all of the attack logic inside of it when it gets executed on the system.
It delegates the planning and coding to a large language model
inside of it.
So basically, the malicious file runs on the, like runs the orchestrator.
Instead of executing the pre-coded attack, the orchestrator communicates with the
LLM inside of it using natural language prompts.
The LLM generates the malicious code live.
Everything needed for each step of the compromise based on what it's learned, which is then
executed automatically.
The orchestrators launched the attacker steps back at the air, runs the entire process.
So just like a different style of ransomware.
developed by this internal research team put up as like a demonstration of how it could work
and a warning that gets this big response. Really interesting.
This is smart research.
Really cool research. Yeah. Interesting. Yeah.
But like this is this is how you get things like COVID, you know? It's like, yes.
It's like we're developing them in a lab to be prepared for when they happen. And it's like,
hey, now we have it.
And it's like prompt blockers like, hey, we built this crazy LLM powered hacking to a kit
so that we can start to prepare for the world that's going to have it.
Also, here it is.
Yeah, 100%.
And it's like they've built it in such a way as to, they don't have to break the guardrails
of even like relatively conservative systems for this to work.
Like each one of the requests is really, really compartmentalized to be kind of like harmless
so that pretty much any LLM will reply.
Like say it scans the computer for valuable files and it decides whether to like steal or encrypt or destroy them and then write a little extortion note and then run a little bit of code to do that thing.
None of those individual things of like delete some files are outside of the bounds of a system.
Write a hypothetical extortion note is like you probably prompt something to get it to do that pretty easily.
Yeah.
It's cheap and pretty hard to detect.
I think it chat GPT5 API rates which seems above what this would need to run.
It's 23,000 tokens to do like a full run of it, which is like 70 cents.
So the ability to create like bespoke ransomware on the fly live, like 70 cents.
And that's only if you're paying GPT5.
Yeah.
Use an open source model that's small and it's like you bring that cost down to basically zero.
And you get like unique attack code every single time bespoke live on the fly.
Crazy.
Yeah.
This one was interesting.
I almost, I wanted to talk to you about Velvet Sundown, but this one.
almost.
There's less to the story.
There's less to it because it's just like, you know, they made it.
They put it out.
People found it.
They thought for a second it was in the world and then it became clear that it's a research
project.
But like you said, this does seem like how in six months we're just dealing with like,
and then anyway, someone ran one of these inside of the Pentagon or inside of Google or
inside of a bank or something and like a calamity unfolds.
Well, so one of the other stories that I was going to talk about is kind of a knock on to what you just said is, is the supply chain attack structures going on inside of, like, development libraries is out of control.
Development, like, not just development, but development and like kind of auto package manager libraries.
So like NPM, they found supply chain malware attacks and 2.6 billion weekly downloads.
in MPM packages.
That ain't great.
So now you've got all these vibe-coded people,
like vibe-coding things
using these development packages
that are coming with pre-baked malware.
That malware is about to be like an independent AI system
that maximizes the damage locally.
Anyway, it is going to be a really interesting decade.
Yeah, I mean, we're already talking about stuff that I remember three years ago.
I mean, like, someday this is going to happen.
I think we at some point talked about like, there's going to be an AI ban that blows out,
like all these things.
It's like, okay, here we go.
Yeah.
So, you know, write down any predictions you make because we're probably going to be covering
it in a year or two.
We don't need to write them down there archived in our podcast.
This is true.
This is true.
Our podcast about fake AI bands and AI friends and ransomware powered by it's good.
good stuff. I'm going to add futurist to my email tagline.
Futurist crypto investor. Have you ever met somebody that calls themselves a futurist?
It is such a fascinating. The person who has the audacity to put futurist on their like
email signature is a very specific person. It's in a world of made up job titles,
somehow the most made up job title. Like I, to
I predict the future.
You just call yourself a snake oil salesman.
Just put that in LinkedIn if you're going to do that.
If you're going to just make an unverifiable claim that strongly implies fraud, just commit.
Wow, but what if you've got a proven track record?
Totally.
I bet technology is important in the future.
Futurist.
Like, it's like when you go to see a psychic at a thing and they're like, yeah, they're like,
oh, someone in the audience has lost a loved one.
It's like it's statistically inevitable.
You're just making blanket claims.
Their name starts with an R.
It's like there's only 26 letters.
Come on.
Like it's just,
it's head games, man.
Math, math.
It's math.
Math.
Anyway, I think we end there.
I think we end there.
Another one in the bucket.
I hope people have enjoyed riding with these random after the break sessions.
There's a lot of positive feedback.
Also, from Jordan.
I would like to thank everybody.
liked and subscribed and pre-registered and for the game.
The final thing on my to-do list for this episode was a big heartfelt thank you to everyone
who wish listed and went over to the page after last episode.
It meant a lot that you guys checked out.
A lot of positive feedback in the comments.
Yeah, it was really kind.
It means a lot.
We got a lot of work ahead on that episode, but it was really nice to see and everyone was
very, very kind.
So it means a lot.
We'll catch you in the next episode.
I'm going to be traveling over the next week or so,
hopefully we've got a little bit more live reporting for the next one.
And we'll catch you, catch you then.
Yeah.
I'm also gone after you get back.
We'll figure out when to record.
We'll figure out what to do.
I think you're back.
And I'm going to Japan at Christmas.
Hell yeah.
Okay.
Maybe you do a little live recording.
Yeah, absolutely.
A little reporting boots on the ground.
Moots on the ground in Japan.
Yeah, sick.
Okay.
Well, we'll catch you there.
Take care, everybody.